Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow ssh between saluser@tel-lt1.tu and saluser@tel-hw1.tu #652

Merged
merged 9 commits into from
Sep 14, 2022
Merged

allow ssh between saluser@tel-lt1.tu and saluser@tel-hw1.tu #652

merged 9 commits into from
Sep 14, 2022

Commits on Sep 14, 2022

  1. (profile::core::common) add manage_resolv_conf param 

    This param is needed to allow management of hosts in which we do not
want to manage the content of /etc/resolv.conf.
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    2587a9f View commit details
    Browse the repository at this point in the history

  2. (tel-lt1.tu node) disable management of resolv.conf 

    This host is currently in 140.252.32/23 and unable to reach the regular
tu nameservers.
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    8f54368 View commit details
    Browse the repository at this point in the history

  3. (tel-hw1.tu node) allow login as saluser from saluser@tel-lt1.tu.lsst… 

    ….org
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    be22ef1 View commit details
    Browse the repository at this point in the history

  4. (tel-lt1.tu node) allow login as saluser from saluser@tel-hw1.tu.lsst… 

    ….org
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    85a57a3 View commit details
    Browse the repository at this point in the history

  5. (profile::archive::forwarder) rm hieradata fixture; class was deleted

    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    f71555c View commit details
    Browse the repository at this point in the history

  6. (profile::util::keytab) convert keytab_base64 param to Sensitive

    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    52735ea View commit details
    Browse the repository at this point in the history

  7. (profile::core::keytab) fwv 

    Generates profile::util::keytab resources.
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    2271f83 View commit details
    Browse the repository at this point in the history

  8. (profile::core::common) include profile::core::keytab

    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    6cd7896 View commit details
    Browse the repository at this point in the history

  9. (profile::util::keytab) make TGT non-forwardable 

    Generally, we want to allow ssh between 2 pair of hosts only. We don't
not want the TGT to be reusable to make another hop from the destination
host.  If additional access from the destination ssh host is needed, a
role user TGT should also be present on the destination host.
    @jhoblitt
    jhoblitt committed Sep 14, 2022
    Configuration menu
    Copy the full SHA
    44b50a8 View commit details
    Browse the repository at this point in the history